CVEs (27)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without the victim's knowledge...Show more |
1Webtareas Project 1Webtareas Nov 21, 2024 Aug 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. |
1Webtareas Project 1Webtareas Nov 21, 2024 Sep 18, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, project...Show more |
1Webtareas Project 1Webtareas Nov 21, 2024 Sep 18, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 webTareas through 2.1 allows files/Default/ Directory Listing. |
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. |
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." |
1Webtareas Project 1Webtareas Nov 21, 2024 Jun 22, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. |